Attack Vectors – Pt. 1 (Passive)

May 10, 2016

c1ph0r

Over the past two weeks, we have focused on the fundamental basics of information security such as the importance of having a strong password protocol, understanding what malware is, and what steps we can take to make ourselves harder targets. In this weeks post we will be starting a two part series on the skills used to gain access to our personal data and networks. Attack vectors are the various methods used to accomplish this task. It needs to be stated however that this is far from a complete list of the techniques and strategies employed by attackers. My goal here is just to present the most common vectors and their relevance to the average home user, but many of these topics also apply to the enterprise environment.

This will be split into two sections and covered over two weeks. This week is the “passive” attack vectors utilized and what they mean to you. Come back next week to check out the next section: “active” vectors.

OSI

OSI, or open source intelligence, is the first step for most attackers. They use freely available information sources online to gather important details and knowledge of their targets that will be used later in the attack cycle. Have you ever Google’d yourself to see what information is out there? I recommend spending some time playing a game I learned when I worked as a security guard: “What would I do if I was a bad guy?” If you were a bad guy trying to learn sensitive information about yourself that you could use later on what kind of information is out there?

I’m not saying we should all shun the use of social media, but maybe be more cognizant of the details we share publicly. Later in this post, I’ll demonstrate how the information that can be easily found by attackers online can be used to leverage access.

Password Cracking

This vector has multiple levels. If you followed the advice from my post on passwords, then you should be reasonably immune to this attack. The reason I covered strong password protocols so early on is because this is the easiest way to gain access. One scary thing that most users don’t realize is that an alarmingly large amount of people use the same passwords. I highly recommend taking a look at: this article. If all someone has to do is guess a password, very little technical expertise is required to gain access to actionable data and personal details.

And if that doesn’t work, an attacker will refer back to the details they learned during the open source information gathering phase I mentioned earlier and add that data to a password list that will be used to attempt to brute force crack your passwords. Details such as: names, dates, places, and words/phrases that you use commonly will all be used. Password cracking software can take this data and try any possible combinations and iterations. As you can see from that article, and from our own personal experiences, that most of us use insecure passwords. Possibly from that list of of the most popular passwords. When you read later in the article about packet sniffing, imagine what could happen if someone has one of your passwords. Is it the same password(or something similar) that you use on all your other sites?

Wi-Fi Hacking

Your home Wi-Fi connection is a very valuable vector for attackers and there a few crucial mistakes that can easily remedied to make us safer. Step one is to make sure you don’t have open access. When you leave your Wi-Fi open without a password, anyone can connect to it. Once connected a skilled attacker can do many nefarious things.

The first thing an attacker can do is start sniffing packets. Packets are how data gets processed and packaged for it to flow smoothly throughout the internet and our networks. Packets sent from our devices get tagged with our hardware MAC addresses, and then the server send the data back and our router knows which device to send which packets. Normally devices will discard packets meant for other devices, but there are applications that allow you to tell the network card to stop discarding them. Any unencrypted data such as what websites your viewing, user names and passwords, Outlook email credentials, unencrypted FTP or Telnet data, etc. They can also launch an attack known as a man-in-the-middle attack. A basic way to understand this is imagine a bad guy being able to capture data that they can use to impersonate you on a remote site, like your bank or Facebook.

Always use a strong password for access to your Wi-Fi, but also make sure you use a strong form of encryption. Most wireless access points offer a variety of choices in the encryption type, some of which are easily crackable such as WEP. There are a few popular tools used to crack WEP by collecting enough of the data that was encrypted using RC4, which after a certain quantity of data is processed becomes non-random and predictable. Most modern wireless access points offer WPA2 with AES. This is the safest option generally.

I’d also caution most users to disable Wi-Fi Protected Setup, or WPS. This is the little button most of us are familiar with that allows you to connect a device without entering a password. While we can reasonably secure physical access to the button, even then an exploited device that has access to your network could be leveraged to reveal your passphrase. You can also brute-force WPS by exploiting the insecurity of the way it was designed to authenticate PINs. In most instances, I’d say the best practice is to just disable it.

In conclusion, I also want to advise users to be careful when using an open public Wi-Fi source. A lot of the vulnerabilities I’ve gone over will also be present in many open access points. Avoid using insecure technologies such as FTP or Telnet, and make sure Outlook and other applications are using encryption if available. You can also use a VPN to encrypt all traffic leaving your device. Make sure when submitting sensitive details while browsing the web the sites show “HTTPS” in the address bar. The “S” indicates the site is using the SECURE encrypted version of the HTTP protocol. There are also browser add-ons that can request websites send traffic with HTTPS when available, even if is isn’t the default.

Stay tuned for next week’s continuation on attack vectors as we look deeper and discuss the “active” threats we face in this digital world.

If you have any specific questions or ideas for future posts, please send your ideas to opensourcesec@protonmail.comThanks for reading. Stay safe.